Vulnerabilities > Intel > BMC Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-19 | CVE-2020-12374 | Classic Buffer Overflow vulnerability in Intel BMC Firmware 1.06.06 Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
| 2021-02-17 | CVE-2020-12376 | Use of Hard-coded Credentials vulnerability in Intel BMC Firmware 1.06.06 Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2021-02-17 | CVE-2020-12375 | Out-of-bounds Write vulnerability in Intel BMC Firmware 1.06.06 Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 |
| 2021-02-17 | CVE-2020-12373 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel BMC Firmware 1.06.06 Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | 6.7 |
| 2020-10-29 | CVE-2020-11488 | Improper Verification of Cryptographic Signature vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution. | 6.7 |
| 2020-10-29 | CVE-2020-11484 | Unspecified vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure. | 4.9 |